ci: allow releasing from branch

[jordanrfrazier]

Updates workflow to allow releasing from branch, as well as fixing a handful of issues and simplifying the docker builds.

Summary by CodeRabbit

• New Features

  • Nightly Docker images (base, main, all) for linux/amd64 and arm64, published to Docker Hub and GHCR.
  • Expanded release builds via a new Docker Build v2 workflow and tag-based release triggering.
  • CI accepts an optional branch parameter.

• Improvements

  • More reliable frontend builds with increased Node memory and ESBuild fallback.
  • Cross-platform testing for Docker/LFX and consistent image tagging.
  • Optional push-to-registry control across workflows.

• Chores

  • Deprecated docker-build workflow now requires explicit acknowledgment to proceed.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Adds new and updated GitHub Actions workflows for release and nightly builds, introduces a v2 Docker build workflow, rewires release/nightly pipelines to pass refs/tags and push flags, adds an optional CI input, enforces a warning gate on the legacy docker-build workflow, and updates Dockerfiles to tweak frontend build environment and memory limits.

Changes

Cohort / File(s)	Summary
CI input update .github/workflows/ci.yml	Adds optional branch input to on.workflow_call.inputs (string, not required).
Docker build workflow v2 (new) .github/workflows/docker-build-v2.yml	New workflow with workflow_dispatch/workflow_call inputs (release_type, pre_release, ref, push_to_registry); multi-job build (base/main/ep/main-all); computes tags, sets up Buildx, logs in, and conditionally pushes to Docker Hub and GHCR.
Legacy docker-build gating .github/workflows/docker-build.yml	Adds required boolean warning_check input (both workflow_call and workflow_dispatch) and a gating step “Verify warning check” in get-version to enforce acknowledgement before proceeding.
Nightly docker build workflow (new) .github/workflows/docker-nightly-build.yml	New workflow for nightly builds: inputs (release_type, ref, push_to_registry), version extraction via uv, multi-arch Buildx builds for base/main/all, tag computation, and conditional pushes to Docker Hub and GHCR.
Nightly pipeline controller .github/workflows/nightly_build.yml	Adds skip_frontend_tests, skip_backend_tests, push_to_registry inputs; gates test jobs accordingly; updates needs/order; forwards push_to_registry to release-nightly call.
Release pipeline overhaul .github/workflows/release.yml	Adds release_tag input; validates tag; propagates tag to CI and build jobs; aligns checkout refs; adds cross-platform tests; updates release creation to derive tag from build outputs; integrates calls to docker-build-v2 (base, main_ep, main, main_all).
Nightly release orchestration refactor .github/workflows/release_nightly.yml	Converts to workflow_call; simplifies inputs to push_to_registry (required, default false); rewires docker build calls to docker-nightly-build.yml and docker-build-v2.yml; pins refs to nightly tag; updates artifact and step wiring.
Dockerfiles: frontend build env/memory docker/build_and_push.Dockerfile, docker/build_and_push_base.Dockerfile, docker/build_and_push_ep.Dockerfile, docker/build_and_push_with_extras.Dockerfile	Frontend build now sets ESBUILD_BINARY_PATH="" and increases NODE_OPTIONS --max-old-space-size from 8192 to 12288; keeps JOBS=1. Base/others aligned to force JS esbuild on emulated arches and raise heap.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Dev as Developer
  participant ReleaseWF as release.yml
  participant CI as ci.yml
  participant BuildV2 as docker-build-v2.yml
  participant GHCR as GHCR
  participant DH as Docker Hub
  participant Git as Git Tags

  Dev->>ReleaseWF: workflow_dispatch(release_tag, flags)
  ReleaseWF->>Git: Validate release_tag exists
  Git-->>ReleaseWF: ok / fail
  alt valid tag
    ReleaseWF->>CI: workflow_call(branch=release_tag, package flags)
    ReleaseWF->>BuildV2: call build-base(ref=release_tag, pre_release, push_to_registry)
    ReleaseWF->>BuildV2: call build-main(ref=release_tag, pre_release, push_to_registry)
    ReleaseWF->>BuildV2: call build-main-ep(ref=release_tag, pre_release, push_to_registry)
    ReleaseWF->>BuildV2: call build-main-all(ref=release_tag, pre_release, push_to_registry)
    BuildV2->>GHCR: login/push (conditional)
    BuildV2->>DH: login/push (conditional)
    ReleaseWF->>ReleaseWF: Create/Update Release (tag from build outputs)
  else invalid tag
    ReleaseWF-->>Dev: Fail: tag not found or branch exists
  end

Loading

sequenceDiagram
  autonumber
  participant Nightly as nightly_build.yml
  participant NightlyRel as release_nightly.yml
  participant NightlyDocker as docker-nightly-build.yml
  participant BuildV2 as docker-build-v2.yml
  participant GHCR as GHCR
  participant DH as Docker Hub

  Nightly->>Nightly: Inputs(skip_frontend_tests, skip_backend_tests, push_to_registry)
  alt frontend tests enabled
    Nightly->>Nightly: Run frontend tests
  else skipped
    Note over Nightly: Frontend tests skipped
  end
  alt backend tests enabled
    Nightly->>Nightly: Run backend tests
  else skipped
    Note over Nightly: Backend tests skipped
  end
  Nightly->>NightlyRel: workflow_call(push_to_registry)
  NightlyRel->>NightlyDocker: call nightly-base/main/all (ref=nightly tag, push flag)
  NightlyDocker->>GHCR: login/push (conditional)
  NightlyDocker->>DH: login/push (conditional)
  NightlyRel->>BuildV2: optional entrypoint variant call (ref=nightly tag)

Loading

sequenceDiagram
  autonumber
  participant Caller as docker-build.yml (legacy)
  participant Gate as Verify warning check
  participant Steps as Build Steps

  Caller->>Gate: inputs.warning_check
  alt warning_check == true
    Gate-->>Steps: proceed
    Steps->>Steps: get-version, build, push
  else false
    Gate-->>Caller: exit 1 with warning
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

Possibly related PRs

• ci: Increase memory limit and disable concurrent builds for esbuild in docker #9862: Adjusts the same Dockerfiles’ frontend build step (esbuild/Node.js memory), overlapping with this PR’s Dockerfile changes.
• feat: added install matrix before release #9205: Modifies release workflow to add cross-platform tests and adjust publish dependencies, intersecting with this PR’s release.yml updates.
• chore(workflow): comment out Docker build step for langflow-all in nightly release #8727: Alters release_nightly.yml Docker build invocations for nightly “all” path; related to this PR’s rewiring to new nightly/docker build workflows.

Suggested labels

size:L, enhancement, lgtm

Suggested reviewers

• ogabrielluiz

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title clearly and concisely summarizes the primary change of allowing releases from a branch by adding a branch input to the CI workflow, which aligns with the main objective and description of the pull request.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Frontend Unit Test Coverage Report

Coverage Summary

Lines	Statements	Branches	Functions
	10.96% (2889/26352)	4.57% (926/20233)	6.48% (370/5702)

Unit Test Results

Tests	Skipped	Failures	Errors	Time
1195	0 💤	0 ❌	0 🔥	20.463s ⏱️

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 24.13%. Comparing base (d5936d1) to head (cf146c2).
⚠️ Report is 18 commits behind head on main.

❌ Your project status has failed because the head coverage (47.02%) is below the target coverage (55.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #9988      +/-   ##
==========================================
+ Coverage   23.67%   24.13%   +0.45%     
==========================================
  Files        1090     1091       +1     
  Lines       39766    40014     +248     
  Branches     5542     5543       +1     
==========================================
+ Hits         9415     9657     +242     
- Misses      30180    30186       +6     
  Partials      171      171              

Flag	Coverage Δ
backend	47.02% <ø> (+0.84%)	⬆️
frontend	10.11% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 26 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 6

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

.github/workflows/release.yml (2)

273-281: Cross-platform tests are now blocked when LFX isn't part of the release

Adding build-lfx to the needs array means this job is skipped whenever inputs.release_lfx is false (the default). GitHub Actions propagates that skip, so publish-base / publish-main (which need this job) now get skipped as well, effectively preventing any Langflow release unless LFX is also released. Please gate the dependency so it’s only required when the corresponding package is being built (e.g. break this into per-artifact jobs or conditionally include build-lfx in needs).

---

470-499: GitHub release is skipped whenever LFX isn’t published

create_release now needs build-lfx and publish-lfx. When inputs.release_lfx is false (default), both jobs are skipped, which causes create_release to be skipped as well even if the main package published successfully. Result: every release that omits LFX fails to draft/update the GitHub release. Please remove the unconditional dependency on the optional LFX jobs (or introduce a helper job that always runs) so the release step executes whenever at least one artifact was published.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c0ac23a and 88807ff.

📒 Files selected for processing (11)

• .github/workflows/ci.yml (1 hunks)
• .github/workflows/docker-build-v2.yml (1 hunks)
• .github/workflows/docker-build.yml (3 hunks)
• .github/workflows/docker-nightly-build.yml (1 hunks)
• .github/workflows/nightly_build.yml (5 hunks)
• .github/workflows/release.yml (10 hunks)
• .github/workflows/release_nightly.yml (7 hunks)
• docker/build_and_push.Dockerfile (1 hunks)
• docker/build_and_push_base.Dockerfile (1 hunks)
• docker/build_and_push_ep.Dockerfile (1 hunks)
• docker/build_and_push_with_extras.Dockerfile (1 hunks)

👮 Files not reviewed due to content moderation or server errors (5)

• .github/workflows/ci.yml
• docker/build_and_push.Dockerfile
• docker/build_and_push_base.Dockerfile
• docker/build_and_push_with_extras.Dockerfile
• docker/build_and_push_ep.Dockerfile

🧰 Additional context used

🧠 Learnings (3)

📚 Learning: 2025-07-18T18:27:12.609Z

Learnt from: CR
PR: langflow-ai/langflow#0
File: .cursor/rules/frontend_development.mdc:0-0
Timestamp: 2025-07-18T18:27:12.609Z
Learning: Frontend builds should output static files to src/frontend/dist/ for production deployment.

Applied to files:

• docker/build_and_push_with_extras.Dockerfile
• docker/build_and_push_ep.Dockerfile
• docker/build_and_push_base.Dockerfile
• docker/build_and_push.Dockerfile

📚 Learning: 2025-06-23T12:46:42.048Z

Learnt from: CR
PR: langflow-ai/langflow#0
File: .cursor/rules/frontend_development.mdc:0-0
Timestamp: 2025-06-23T12:46:42.048Z
Learning: Frontend builds must be performed using Vite, with production output placed in the dist/ directory and served by the backend in production environments.

Applied to files:

• docker/build_and_push_with_extras.Dockerfile
• docker/build_and_push_ep.Dockerfile
• docker/build_and_push.Dockerfile

📚 Learning: 2025-07-18T18:25:54.486Z

Learnt from: CR
PR: langflow-ai/langflow#0
File: .cursor/rules/backend_development.mdc:0-0
Timestamp: 2025-07-18T18:25:54.486Z
Learning: Applies to {tests/**/*.py,Makefile} : Run make unit_tests to execute backend unit tests

Applied to files:

• .github/workflows/nightly_build.yml

🪛 actionlint (1.7.7)

.github/workflows/docker-nightly-build.yml

48-48: label "langflow-ai-arm64-40gb" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

---

128-128: label "langflow-ai-arm64-40gb" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

---

209-209: label "langflow-ai-arm64-40gb" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

.github/workflows/docker-build-v2.yml

58-58: label "langflow-ai-arm64-40gb" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

---

130-130: label "langflow-ai-arm64-40gb" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

---

208-208: label "langflow-ai-arm64-40gb" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

---

281-281: label "langflow-ai-arm64-40gb" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

.github/workflows/release_nightly.yml

376-376: if: condition "always() && ${{ inputs.build_docker_main == 'true' }}" is always evaluated to true because extra characters are around ${{ }}

(if-cond)

.github/workflows/docker-build.yml

30-30: input "warning_check" of workflow_call event has the default value "false", but it is also required. if an input is marked as required, its default value will never be used

(events)

🪛 YAMLlint (1.37.1)

.github/workflows/release.yml

[warning] 469-469: too many blank lines (3 > 2)

(empty-lines)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: Run Backend Tests / Unit Tests - Python 3.10 - Group 5
• GitHub Check: Run Backend Tests / Unit Tests - Python 3.10 - Group 2
• GitHub Check: Run Backend Tests / Unit Tests - Python 3.10 - Group 3
• GitHub Check: Run Backend Tests / Unit Tests - Python 3.10 - Group 4
• GitHub Check: Run Backend Tests / Unit Tests - Python 3.10 - Group 1
• GitHub Check: Test Starter Templates

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Fix GHCR login username before this ships

docker/login-action validates that the supplied username matches the owner of the PAT you pass in. Here we're combining ${{ github.actor }} with secrets.TEMP_GHCR_TOKEN, so any manual release (actor ≠ PAT owner) will get a 401 and the workflow stops before publishing to GHCR. Please switch to the actual PAT owner (store it as a secret/variable) so releases succeed regardless of who triggers them.

-          username: ${{ github.actor }}
-          password: ${{ secrets.TEMP_GHCR_TOKEN}}
+          username: ${{ secrets.GHCR_USERNAME }}
+          password: ${{ secrets.TEMP_GHCR_TOKEN }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.TEMP_GHCR_TOKEN}}
	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ secrets.GHCR_USERNAME }}
	password: ${{ secrets.TEMP_GHCR_TOKEN }}

🤖 Prompt for AI Agents

In .github/workflows/docker-build-v2.yml around lines 102 to 108, the GHCR login
uses github.actor as the username while the PAT comes from
secrets.TEMP_GHCR_TOKEN, which will cause 401s when the workflow is triggered by
a different actor than the PAT owner; replace github.actor with a secret or
repo-level variable that holds the PAT owner's username (e.g.
secrets.GHCR_USERNAME), ensure that secret exists and matches the account that
owns TEMP_GHCR_TOKEN, and verify the PAT has the required write:packages scope
so GHCR publishing succeeds regardless of who triggers the workflow.

[jordanrfrazier]

Hm. It currently works as-is, so won't change this for now; though the comment seems correct

[lucaseduoli]

LGTM!

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud